Comments (13)
ahopkins
commented on July 21, 2024
2
@jacebrowning I think you are going about this the wrong way. I would not be setting CORS_AUTOMATIC_OPTIONS = False, I do not think that is the functionality you are looking at.
Take a look here about the Access-Control-Request-Method header.
The Access-Control-Request-Method request header is used by browsers when issuing a preflight request, to let the server know which HTTP method will be used when the actual request is made. This header is necessary as the preflight request is always an OPTIONS and doesn't use the same method as the actual request.
Your browser will always send this. If you truly want to mimic a preflight request in curl, you should include it.
from sanic import Request, Sanic
app = Sanic(__name__)
app.config.CORS_ORIGINS = "*"
@app.get("/")
async def handler(request: Request):
...
app.run(port=9999)▶ curl localhost:9999 -i -X OPTIONS -H "access-control-request-method: GET" -H "Origin: http://localhost:9999"
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
access-control-allow-origin: http://localhost:9999
access-control-max-age: 5
access-control-allow-headers: *
access-control-allow-methods: GET,HEAD,OPTIONS
connection: keep-alive
If instead you issue the request without that header:
▶ curl localhost:9999 -i -X OPTIONS -H "Origin: http://localhost:9999" ☸ prod (internal)
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
connection: keep-alive
And, in your logs:
[2022-02-17 21:53:10 +0200] [696822] [INFO] No Access-Control-Request-Method header found on request. CORS headers will not be applied.
from sanic-ext.
ahopkins
commented on July 21, 2024
1
There's no bug with the last version - also the order matters and was the cause for the bug
This is another thing that changes in 21.12. Since there is no need to call Extend (you still can if you want, or use app.extend()), the order is not a problem.
from sanic-ext.
sjsadowski
commented on July 21, 2024
Hi, sanic-ext and sanic-cors have overlapping functionality. Can you remove sanic-cors and re-verify?
from sanic-ext.
koug44
commented on July 21, 2024
Sorry, this is a ghost import from several tests. CORS is not called or applied.
Test is the same removing the import
from sanic-ext.
sjsadowski
commented on July 21, 2024
Confirmed using curl.
curl -v -X OPTIONS -H "Access-Control-Request-Method:GET" -H "Origin: test" http://localhost:8001
* Trying 127.0.0.1:8001...
* Connected to localhost (127.0.0.1) port 8001 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:8001
> User-Agent: curl/7.79.1
> Accept: */*
> Access-Control-Request-Method:GET
> Origin: test
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< allow: HEAD,GET,OPTIONS
< connection: keep-alive
<
* Connection #0 to host localhost left intact
from sanic-ext.
jacebrowning
commented on July 21, 2024
When CORS headers are missing (curl http://localhost:500 -X OPTIONS -i) the server logs:
[INFO] No Access-Control-Request-Method header found on request. CORS headers will not be applied.
Is there a way to always send CORS headers?
EDIT: Based on the docs, I would expect the default settings to work out-of-the box, but perhaps this logic is backwards?
sanic-ext/sanic_ext/extensions/http/cors.py
Lines 42 to 52 in 3b50cf0
It looks like this combination of options is required for CORS headers to be set automatically:
app.config.CORS_ORIGINS = "*"
app.config.CORS_AUTOMATIC_OPTIONS = False
from sanic-ext.
ahopkins
commented on July 21, 2024
Feel free to carry on the conversation, but I do not see any bug here.
from sanic-ext.
koug44
commented on July 21, 2024
@ahopkins Taking your own CURL request
[dalexandre@dalexandre ~]$ curl localhost:9999 -i -X OPTIONS -H "access-control-request-method: GET" -H "Origin: http://localhost:9999"
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
connection: keep-alive
I don't have the headers in the response - it's the reason the issue was created in the first place.
You code snippet does not import sanic-ext in the first place
from sanic-ext.
ahopkins
commented on July 21, 2024
You code snippet does not import sanic-ext in the first place
That is not needed in v21.12
To setup Sanic Extensions (v21.12+), you need to do: nothing. If it is installed in the environment, it is setup and ready to go.
I don't have the headers in the response
What are your CORS settings?
What version are you on?
from sanic-ext.
koug44
commented on July 21, 2024
The one in the first post. I've just added the 9999 port to answer to your request
from sanic-ext.
koug44
commented on July 21, 2024
What version are you on?
sanic 21.9.3
sanic-ext 22.1.2
from sanic-ext.
ahopkins
commented on July 21, 2024
With Sanic 21.9 you will still need to use Extend. You also will need to make sure that the config settings are made before you call Extend.
# OK
app.config.CORS_ORIGINS = "*"
Extend(app)
# NOT OK
Extend(app)
app.config.CORS_ORIGINS = "*"
# OK
Extend(app, config={"cors_origins": "*"})from sanic-ext.
koug44
commented on July 21, 2024
Ok. Thanks for that.
There's no bug with the last version - also the order matters and was the cause for the bug
from sanic-ext.
Related Issues (20)
- [Bug] The error for not having Jinja installed is confusing
- [Bug] Wrong default variables type of Server object.
- [Feature Request] Blueprints cannot access the 'decorator way' of managing / rendering templates
- Allow the option to define a template directory in a blueprint HOT 1
- [Bug] Dependency injection not working for requests received during server is initializing HOT 1
- [Question] How to set field description on data class?
- [Question] OpenAPI spec available on all subdomains, and route exclusion without decorators does not seem to work.
- [Bug] Dependeny Injection throw exceptions by default if @classmethod constructors don't return value/objects
- [Feature Request]
- [Bug] OpenAPI definition does not include placeholder for "headers"
- [Bug] Json validator throws 500 instead of 400
- [Feature Request] Response Compression
- [Bug] Can't use `pydantic>=2.0` model in OpenAPI definition HOT 1
- [Bug] Can't document/exclude websocket routes with OpenAPI decorator
- [Bug] Subheader "parameter" missing in sanic extensions document
- [Bug] Can't apply openapi decorators to blueprintss' routes
- [Bug]TypeError: listener() got an unexpected keyword argument 'priority' HOT 1
- [Bug] Documentation: dead link to the setting
- Query params validation is completely broken HOT 2
- Question regarding licensing info
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sanic-ext.